•
•
•
•
What is DaniWeb IT Discussion Community?
You're currently browsing the Viruses, Spyware and other Nasties section within the Tech Talk category of DaniWeb, a massive community of 455,974 software developers, web developers, Internet marketers, and tech gurus who are all enthusiastic about making contacts, networking, and learning from each other. In fact, there are 3,754 IT professionals currently interacting right now! Registration is free, only takes a minute and lets you enjoy all of the interactive features of the site.
Please support our Viruses, Spyware and other Nasties advertiser: 64-bit Windows Community
Views: 2255 | Replies: 3
 |
•
•
Join Date: Aug 2004
Posts: 1
Reputation: 
Rep Power: 0
Solved Threads: 0
Newbie Poster
Hello everyone! Glad I found this board!! I am going nuts with 2 problems I am having. Problem 1: I cannot open links on forums or anywhere!! When I click on a link nothing happens. Problem 2: When I click on (START) then (Search for files and folders) nothing happens. I am just trying to use my regular desktop search for files and folders and it dosen't do anything when I click on it. I ran hijack this and this is what I got:
Logfile of HijackThis v1.97.7
Scan saved at 12:47:17 AM, on 8/26/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\System32\drieqchk.exe
C:\Program Files\inKline Global\PC Booster\pcbooster.exe
C:\Program Files\inKline Global\PC Booster\pcbooster.exe
C:\WINDOWS\System32\wstbase.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\Uit9952.exe
C:\WINDOWS\System32\Uit9952.exe
C:\Program Files\CxtPls\CxtPls.exe
C:\Documents and Settings\mycomputer\Local Settings\Temp\Temporary Directory 14 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = c:\searchpage.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///c:/searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = c:\searchpage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = c:\searchpage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\CxtPls\CxtPls.dll
O4 - HKLM\..\Run: [3K2SJMB3#XWWWM] C:\WINDOWS\System32\Vryu.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [p7rh3FU] drieqchk.exe
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [PopUpInspector] C:\Program Files\GIANT Company Software inc\PopUp Inspector\PopUpInspector.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [Yw0nRPY4U] wstbase.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O13 - DefaultPrefix: c:\searchpage.html?page=
O13 - WWW Prefix: c:\searchpage.html?page=
O13 - Home Prefix: c:\searchpage.html?page=
O13 - Mosaic Prefix: c:\searchpage.html?page=
Tried deleting some of that stuff but it kept coming back after I would run hijack this over and over! I can't even search to delete anything because search won't work on my desktop. Also, I get pop ups all day like a MOFO!!HEEEELP!!! :!:
Logfile of HijackThis v1.97.7
Scan saved at 12:47:17 AM, on 8/26/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\System32\drieqchk.exe
C:\Program Files\inKline Global\PC Booster\pcbooster.exe
C:\Program Files\inKline Global\PC Booster\pcbooster.exe
C:\WINDOWS\System32\wstbase.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\Uit9952.exe
C:\WINDOWS\System32\Uit9952.exe
C:\Program Files\CxtPls\CxtPls.exe
C:\Documents and Settings\mycomputer\Local Settings\Temp\Temporary Directory 14 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = c:\searchpage.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///c:/searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = c:\searchpage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = c:\searchpage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\CxtPls\CxtPls.dll
O4 - HKLM\..\Run: [3K2SJMB3#XWWWM] C:\WINDOWS\System32\Vryu.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [p7rh3FU] drieqchk.exe
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [PopUpInspector] C:\Program Files\GIANT Company Software inc\PopUp Inspector\PopUpInspector.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [Yw0nRPY4U] wstbase.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O13 - DefaultPrefix: c:\searchpage.html?page=
O13 - WWW Prefix: c:\searchpage.html?page=
O13 - Home Prefix: c:\searchpage.html?page=
O13 - Mosaic Prefix: c:\searchpage.html?page=
Tried deleting some of that stuff but it kept coming back after I would run hijack this over and over! I can't even search to delete anything because search won't work on my desktop. Also, I get pop ups all day like a MOFO!!HEEEELP!!! :!:
•
•
Join Date: Dec 2003
Location: Marin County, CA
Posts: 6,439
Reputation:
Rep Power: 18
Solved Threads: 339
Hi franco802,
As noted in the announcement at the top of each main forum page, HijackThis logs are only to be posted in the Security forum. Given that, I'm moving your thread to Security now.
As noted in the announcement at the top of each main forum page, HijackThis logs are only to be posted in the Security forum. Given that, I'm moving your thread to Security now.
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
•
•
Join Date: Dec 2003
Location: Marin County, CA
Posts: 6,439
Reputation:
Rep Power: 18
Solved Threads: 339
OK, first of all:
1. You are running an older version of HJT. Please get the newest (1.98.2) version.
2. You are running HijackThis from a Temp directory, which is not recommended. When you download the new HJT version, create a separate new folder for it (some thing like C:\HijackThis or C:\downloads\HijackThis). When HJT runs, it creates backup files before it fixes anything, just in case you "fixed" the wrong thing. By putting HJT in its own folder, you'll have those files available in that folder should you need them.
Post the log from version 1.98.2 and we'll take it from there. You might also want to run the utilities Ad Aware and SpyBot before running HJT; they will detect and remove a lot of the parasites from your system. Links to those programs are in my sig below.
1. You are running an older version of HJT. Please get the newest (1.98.2) version.
2. You are running HijackThis from a Temp directory, which is not recommended. When you download the new HJT version, create a separate new folder for it (some thing like C:\HijackThis or C:\downloads\HijackThis). When HJT runs, it creates backup files before it fixes anything, just in case you "fixed" the wrong thing. By putting HJT in its own folder, you'll have those files available in that folder should you need them.
Post the log from version 1.98.2 and we'll take it from there. You might also want to run the utilities Ad Aware and SpyBot before running HJT; they will detect and remove a lot of the parasites from your system. Links to those programs are in my sig below.
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
•
•
Join Date: Feb 2004
Location: Oztralya
Posts: 8,015
Reputation:
Rep Power: 23
Solved Threads: 455
You also have the peper trojan. To remove it please do the following:
Download the PeperFix.exe tool from here:
http://downloads.subratam.org/PeperFix.exe
Click on the PeperFix.exe to launch it.
Click the Find and Fix button.
It will scan the %Systemroot% folder and locate all the peper files. You will be prompted to reboot. Reboot and it will delete the peper files.
Ensure that you are online before starting the fix. Make sure to run the fix twice.
Make sure you do what DMR requested & post the log as there will be remnants to delete.
Download the PeperFix.exe tool from here:
http://downloads.subratam.org/PeperFix.exe
Click on the PeperFix.exe to launch it.
Click the Find and Fix button.
It will scan the %Systemroot% folder and locate all the peper files. You will be prompted to reboot. Reboot and it will delete the peper files.
Ensure that you are online before starting the fix. Make sure to run the fix twice.
Make sure you do what DMR requested & post the log as there will be remnants to delete.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera How you got infected AVAST anti-virus Comodo Firewall Spywareblaster
Please do not PM me for help. Instead, post in the public forum where others may benefit.
Opera How you got infected AVAST anti-virus Comodo Firewall Spywareblaster
Please do not PM me for help. Instead, post in the public forum where others may benefit.
|
•
•
•
•
•
•
•
•
DaniWeb Viruses, Spyware and other Nasties Marketplace
•
•
•
•
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
Linear Mode
- fstream problems. No output to file. (C++)
- Hello all (Community Introductions)
- Vbulletin 3.5.4 Newbie Questions/Problems (Existing Scripts)
- newbie with lots of problems (Viruses, Spyware and other Nasties)
- SuSE 9.1 - Minor issues (*nix Software)
- newbie: need help setting up my network, router + firewall problems (Networking Hardware Configuration)
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: Help! Can't browse, use control panel or Explorer
- Next Thread: Please read this hijack log and advise
